An enormous online attack targeting 1.6 million WordPress sites is wreaking havoc on the web. Nearly 14 million attacks were made in the past 36 hours. The attacks are from 16,000 unique IP addresses.
What Do We Know About the Attacks?
Wordfence Security, a digital security firm, identified millions of attacks on WordPress sites in an onslaught that shows no signs of slowing down. The attacks revolve around exploiting WordPress plug-ins. The hackers are also taking advantage of Epsilon framework themes. The use of unique IP addresses empowers the hackers to overcome targeted sites with arbitrary option updates.
How can WordPress Sites Avoid Harm?
The best way to defend against the
cyber attack is to implement updates. Wordfence Security researchers also recommend patching plug-ins and themes with the latest versions. Plug-ins have an inherent risk for web applications. Unless updated, WordPress plug-ins provide an avenue for hackers to cause problems. WordPress users are also advised to implement web application firewalls. The use of a client-side solution for visibility also helps identify harmful code.
What is the Targeted Vulnerability?
The digital security specialists at Wordfence state that the hackers zero in on authenticated arbitrary options update flaws within specific plug-ins. Kiwi Social Share, PublishPress, Automatic, and Pinterest Automatic are especially vulnerable plug-ins.
The Kiwi Social Share plug-in has not been patched since the winter of ’18. These significant vulnerabilities combined with the expansive scope of the
digital attack make millions of WordPress sites vulnerable. Those with a site running any of the plug-ins or themes noted above are advised to update it with the latest patches for comprehensive digital protection.
Wordfence representatives stated they observed little effort to take advantage of the WordPress vulnerabilities before the midpoint of last week. Wordfence researchers also indicated that the hackers are attempting to reverse-engineer the PublishPress Capabilities patch to take advantage of weak points in the arbitrary options update. The use of shadow code through a third-party framework and/or plug-in extends the magnitude of the attack for WordPress sites.
The hackers responsible for the WordPress attack are also zeroing in on function injection vulnerabilities within
Epsilon framework themes. Examples of the most vulnerable themes include Transcend, Affluent, Brilliance, Lite, NewsMag, Regina Lite, Pixova Lite, Shapely, Antreas, and MedZone Lite.
NatureMag Lite is also targeted, yet it cannot be patched. WordPress site owners with the NatureMag Lite theme are encouraged to delete it to sidestep a potentially debilitating attack.
Why is the Attack Newsworthy?
The hackers behind this attack are taking over WordPress sites. These digital miscreants obtain control of WordPress sites by altering the option for users permitted to register, changing it to “enabled,” and switching the “default role” to that of administrator. WordPress site owners are encouraged to check these settings for alterations and revert them to their original state.